formbook | 9f871875ab9d8e491042f763031d779a5168e7cdff65b4e9ce180331f6e7b36f | Triage

Sharing

General

Target

Wiprelyokcawpj.zip
Size

547KB
Sample

231010-jrkl1sea87
MD5

901b8654876e375b058f3cbd222d4f93
SHA1

132323eb4fad3dd7ece0daec2336c41dc71bb2ee
SHA256

9f871875ab9d8e491042f763031d779a5168e7cdff65b4e9ce180331f6e7b36f
SHA512

c4f0addf599953482fbc2fdf40895960a9b212db06370e1e515fcce08acaa4d734a6ac9e33a5070140986007b75ea7b1a155d4feaa25fb395cbae6166ecc2870
SSDEEP

12288:j6fD05KbZNmj35LrikbBDzXDjzaGXb7na4:jI0sbfmjJblzDjuGX3nd

Score

10^/10

formbook modiloader fadc persistence rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fadc

Decoy

protechdream.com

faireco.life

bakrinhome.com

bustygirl.xyz

kbif.info

ningo.bond

hollywoodcircleevents.site

eapv-uabjo.com

852bets.com

nooption.online

global-strategy.pro

cartaonline.online

sacredbones2023.com

barsandbands.fun

liftchairs-info-mx.today

delamar.one

shuntianyuan.net

americanworldsolutions.com

julitv.net

criativax.com

Targets

- Target
  
  Wiprelyokcawpj.exe
- Size
  
  1.3MB
- MD5
  
  14239e8403667595f401b4971c28b3db
- SHA1
  
  9b1afe3640abcde93657ff00d7ccf91efb7e652c
- SHA256
  
  25c965edd039ebc00529a936e066f34149b4bb69c59c7a4fb575849584a71dda
- SHA512
  
  fa4f817274d8c81581e79454c43ff704d1017f0ea7017a8422d9c4e897810d5c1108047082fe325391ba580f823e2d954d81e7774231ede4cb621226d2738b55
- SSDEEP
  
  24576:vUrkF9ZT6xy9M7HCZmFq/wbgKcQrE/k2+gL5:vUwVk2XL
Score

10^/10

modiloader trojan formbook fadc persistence rat spyware stealer
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Formbook payload
  rat
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

formbookmodiloaderfadcpersistenceratspywarestealertrojan